---
# Configuration for the pagure webapp

- name: install needed packages
  package: name={{ item }} state=present
  with_items:
  - pagure
  - pagure-ev
  - pagure-logcom
  - pagure-milters
  - pagure-webhook
  - python-psycopg2
  - python2-pygments2
  - redis
  - libsemanage-python
  - python-fedora-flask
  - python2-pagure-dist-git
  # For the pagure-sync-bugzilla.py script
  - python-bugzilla
  - python-requests
  - PyYAML
  - python-six
    #  - mod_ssl
    #  - stunnel
  tags:
  - pagure
  - packages

# Set-up stunnel for the event source server

  #- name: install stunnel service definition
  #  copy: src=stunnel.service
  #        dest=/usr/lib/systemd/system/stunnel.service
  #        owner=root group=root mode=0755
  #  notify:
  #  - reload systemd
  #  - restart stunnel
  #  tags:
  #  - pagure
  #  - stunnel

  #- name: ensure old stunnel init file is gone
  #  file: dest=/etc/init.d/stunnel/stunnel.init state=absent
  #  tags:
  #  - pagure
  #  - stunnel
  #  - config

  #- name: install stunnel.conf
  #  template: src={{ item.file }}
  #            dest={{ item.dest }}
  #            owner=root group=root mode=0600
  #  with_items:
  #  - { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf }
  #  notify: restart stunnel
  #  tags:
  #  - pagure
  #  - stunnel
  #  - config


- name: Make sure mere mortals can access the fedmsg key
  acl:
    path: /etc/pki/fedmsg/shell-{{ inventory_hostname }}.key
    entity: packager
    etype: group
    permissions: r
    state: present

# Set-up Pagure

- name: Create a group pagure we can use
  group: name=pagure
  tags:
  - pagure

- name: Create an user we can run pagure under
  user: name=pagure group=packager append=yes
  tags:
  - pagure

- name: create the /srv/tmp folder where to clone repos
  file: state=directory
               path=/srv/tmp
               owner=pagure group=pagure mode=0775
  tags:
  - pagure

- name: copy sundry pagure configuration
  template: src={{ item.file }}
            dest={{ item.location }}/{{ item.file }}
            owner=pagure group=postfix mode=0640
  with_items:
  - { file: pagure.cfg, location: /etc/pagure }
  - { file: alembic.ini, location: /etc/pagure }
  tags:
  - config
  - web
  - pagure
  notify:
  - restart apache

- name: pagure configuration for the hooks
  template: src={{ item.file }}
            dest={{ item.location }}/{{ item.file }}
            owner=pagure group=packager mode=0640
  with_items:
  - { file: pagure_hook.cfg, location: /etc/pagure }
  tags:
  - config
  - web
  - pagure
  notify:
  - restart apache

- name: create the database scheme
  command: /usr/bin/python2 /usr/share/pagure/pagure_createdb.py
  changed_when: "1 != 1"
  environment:
      PAGURE_CONFIG: /etc/pagure/pagure.cfg
  tags:
  - web
  - pagure

- name: create all the directories where we store the git repos
  file: state=directory
               path={{ item }}
               owner=root group=packager mode=2775
  with_items:
  - /srv/git/repositories/
  - /srv/git/repositories/forks
  - /srv/git/repositories/requests
  tags:
  - gitolite
  - pagure

- name: create the remotes folder so pagure can clone remote repos
  file: state=directory
               path={{ item }}
               owner=root group=packager mode=2775
  with_items:
  - /srv/git/remotes
  tags:
  - gitolite
  - pagure

- name: Install the apache configuration file
  template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
            owner=root group=root mode=0644
  with_items:
  - z_pagure.conf
  tags:
  - files
  - config
  - pagure
  notify:
  - restart apache

- name: Install the wsgi file
  template: src={{ item }}
            dest=/var/www/{{ item }}
            owner=pagure group=pagure mode=0644
  with_items:
  - pagure.wsgi
  tags:
  - config
  - web
  - pagure
  notify:
  - restart apache

- name: Add default facl so apache can read git repos
  acl: default=yes etype=user entity=apache permissions="rx" name=/srv/git state=present
  register: acl_updates
  tags:
  - pagure

- name: Manually fix current default ACLs since Ansible doesnt know recursive acls
  when: acl_updates.changed
  command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
  tags:
  - pagure

- name: Manually fix current ACLs since Ansible doesnt know recursive acls
  when: acl_updates.changed
  command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
  tags:
  - pagure

- name: Override the default pagure_worker.service file to change the user it is run under
  copy: src={{ item }}.service
        dest=/etc/systemd/system/{{ item }}.service
        owner=root group=root mode=0755
  with_items:
  - pagure_ev
  - pagure_logcom
  - pagure_webhook
  - pagure_worker
  notify:
  - reload systemd
  tags:
  - pagure

- name: set sebooleans so pagure can talk to the db
  seboolean: name=httpd_can_network_connect_db
                    state=true
                    persistent=true
  tags:
  - selinux
  - web
  - pagure

- name: set sebooleans so apache can send emails
  seboolean: name=httpd_can_sendmail
                    state=true
                    persistent=true
  tags:
  - selinux
  - web
  - pagure

# HOTFIX: adjust bugzilla overrides
- name: HOTFIX - adjust bugzilla overrides
  copy: src=fas2.py dest=/usr/lib/python2.7/site-packages/fedora/client/fas2.py
  tags:
  - config
  - pagure
  - fas
  - hotfix
  - hotfixfas

- name: generate pagure-sync-bugzilla.py script
  template:
      src: pagure-sync-bugzilla.py.j2
      dest: /usr/local/bin/pagure-sync-bugzilla.py
      owner: root
      group: root
      mode: 0700
  tags:
  - pagure
  - bugzilla

- name: Configure cron job for a daily pagure-sync-bugzilla.py script run
  cron:
    name: pagure-sync-bugzilla
    user: root
    minute: 0
    hour: 18
    job: /usr/local/bin/lock-wrapper pagure-sync-bugzilla "/usr/local/bin/pagure-sync-bugzilla.py"
    cron_file: pagure-sync-bugzilla
    state: present
  when: env != 'staging'
  tags:
  - pagure
  - bugzilla

# Cron job to export extras information from the pagure DB
- name: Install the apache configuration file for /extras
  copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
             owner=root group=root mode=0644
  with_items:
  - pagure_cron.conf
  tags:
  - files
  - config
  - pagure
  notify:
  - restart apache

- name: create the /srv/cache/extras folder for the crons
  file: state=directory
               path=/srv/cache/extras
               owner=apache group=apache mode=0775
  tags:
  - pagure

- name: Configure cron job for a hourly pagure_poc
  cron:
    name: pagure-poc
    user: root
    minute: 0
    job: /usr/bin/python2 /usr/libexec/pagure-dist-git/pagure_poc.py /srv/cache/extras
    cron_file: pagure-poc
    state: present
  tags:
  - pagure

- name: Configure cron job for a hourly pagure_bz
  cron:
    name: pagure-poc
    user: root
    minute: 0
    job: /usr/bin/python2 /usr/libexec/pagure-dist-git/pagure_bz.py /srv/cache/extras
    cron_file: pagure-bz
    state: present
  tags:
  - pagure

- name: Configure cron job for a hourly pagure_owner_alias
  cron:
    name: pagure-poc
    user: root
    minute: 0
    job: /usr/bin/python2 /usr/libexec/pagure-dist-git/pagure_owner_alias.py /srv/cache/extras
    cron_file: pagure-owner-alias
    state: present
  tags:
  - pagure

# Ensure all the services are up and running

- name: Start and enable httpd, postfix, pagure_milter
  service: name={{ item }} enabled=yes state=started
  with_items:
  - httpd
  - postfix
#  - stunnel
  - redis
  - pagure_ev
  - pagure_logcom
  - pagure_milter
  - pagure_webhook
  - pagure_worker
  ignore_errors: true
  tags:
  - pagure
  - service
  - postfix
